9.0
Netbox Docker Default Admin Account and API Token
CVE-2023-27573
Summary
Netbox Docker versions before 2.5.0 ship a superuser account with default credentials: the password admin for the admin account and a fixed, publicly known value for SUPERUSER_API_TOKEN. Anyone who knows these defaults can log in or call the API as the superuser on an installation where they were left unchanged. If you're using Netbox Docker, you should change the admin password and API token to prevent unauthorized access.
Original title
netbox-docker before 2.5.0 has a superuser account with default credentials (admin password for the admin account, and 0123456789abcdef0123456789abcdef01234567 value for SUPERUSER_API_TOKEN). In pr...
Original description
netbox-docker before 2.5.0 has a superuser account with default credentials (admin password for the admin account, and 0123456789abcdef0123456789abcdef01234567 value for SUPERUSER_API_TOKEN). In practice on the public Internet, almost all users changed the password but only about 90% changed the token. Having a default token value was intentional and was valuable for the main intended use case of the netbox-docker product (isolated development networks). Some users engaged in an effort to repurpose netbox-docker for production. The documentation for this effort stated that the defaults must not be used. However, installation did not ensure non-default values. The Supplier was aware of the CVE ID assignment and did not object to the assignment.
nvd CVSS3.1
9.0
Vulnerability type
CWE-1392
Published: 11 Mar 2026 · Updated: 13 Mar 2026 · First seen: 11 Mar 2026
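The description above notes that installation did not ensure non-default values. The following pre-deployment check is an added example, not code from netbox-docker or from this advisory: it audits the text of an environment file for the two default credentials. The variable name SUPERUSER_PASSWORD, the function names and the sample input are assumptions made for this example.

```python
import re
import sys

# Default values quoted in the CVE description above. SUPERUSER_API_TOKEN is
# named on the page; SUPERUSER_PASSWORD is an assumed variable name.
DEFAULTS = {
    "SUPERUSER_API_TOKEN": "0123456789abcdef0123456789abcdef01234567",
    "SUPERUSER_PASSWORD": "admin",
}
# KEY=VALUE with an optional "export" prefix; comment lines never match.
LINE_RE = re.compile(r"^\s*(?:export\s+)?([A-Za-z_][A-Za-z0-9_]*)\s*=\s*(.*?)\s*$")

# Constructed sample input, not taken from any real deployment.
SAMPLE = """\
# constructed env file
export SUPERUSER_PASSWORD="set-by-operator-example"
SUPERUSER_API_TOKEN=0123456789abcdef0123456789abcdef01234567
"""

def parse_env(text):
    """Parse KEY=VALUE lines; a later assignment overrides an earlier one."""
    values = {}
    for raw in text.splitlines():
        match = LINE_RE.match(raw)
        if not match:
            continue
        key, value = match.groups()
        # Strip one pair of matching surrounding quotes.
        if len(value) >= 2 and value[0] == value[-1] and value[0] in "'\"":
            value = value[1:-1]
        values[key] = value
    return values

def audit_env(text):
    """Return (variable, reason) findings; an empty list means the check passes."""
    values = parse_env(text)
    findings = []
    for name, default in DEFAULTS.items():
        if not values.get(name):
            findings.append((name, "unset or empty"))
        elif values[name] == default:
            findings.append((name, "still the published default"))
    return findings

if __name__ == "__main__":
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    findings = audit_env(text)
    print("\n".join(f"FAIL {n}: {r}" for n, r in findings) or "OK")
    sys.exit(1 if findings else 0)
```

Run it with the path of the environment file as the only argument; a non-zero exit status means a default or missing value was found. An unset variable is reported as a finding because nothing in the file shows that the operator chose a value.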